This document discusses using Terraform to manage cloud infrastructure as code. Terraform allows infrastructure to be defined using declarative configuration files that can be treated as code and versioned. It uses a provider model to interact with different cloud APIs to deploy and manage resources. Key features discussed include idempotency, the Terraform graph, modules for abstraction, variables, and linking dependent resources.
9. “codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.”
terraform.io
13. Topology: HashiCorp Configuration Language files
“The goal of HCL is to build a structured configuration language that is both human and machine friendly for use with command-line tools, but specifically targeted towards DevOps tools, servers, etc.”
terraform.io
14. Resource
- Unitary element deployed through Provider API
resource "aws_instance" "web" {
  ami           = "ami-12345"
  instance_type = "t2.micro"
  ...
  tags {
    Name = "HelloWorld"
  }
}
Callouts: Resource type ("aws_instance"), Resource name ("web"), Parameters (the arguments inside the block)
18. Terraform apply and idempotency
Diagram: terraform-cli, Provider, TfState
1. Get the resource IDs existing in the tfstate
2. Get data from the Provider for the IDs in the tfstate
3. Generate the graph from the code and the result of step 2: what needs to be created / modified / deleted?
4. Apply
29. If the resource was created before Terraform, you can reference it!
30. Datasource
# topology.tf
# Look up an existing VPC by its Name tag
data "aws_vpc" "my_vpc" {
  tags {
    Name = "My VPC"
  }
}
# Create a subnet inside that VPC, carving its range out of the VPC CIDR block
resource "aws_subnet" "example" {
  vpc_id            = "${data.aws_vpc.my_vpc.id}"
  availability_zone = "us-west-2a"
  cidr_block        = "${cidrsubnet(data.aws_vpc.my_vpc.cidr_block, 4, 1)}"
}
- The number of datasource types depends on the provider
- Multiple fields can be available
- Datasources are refreshed on each apply
38. Abstraction with modules
Topology: Application A
Topology: Application B
Module: Application
Parameters:
- ami
- LoadBalancer Name
Resources:
- Instance
- Attach Instance to LoadBalancer
Output:
- Instance ID
43. A resource is never alone
Diagram: VM, Security Group
VM needs Security Group Id as Parameter
Deployment timelapse: 1) 2)
44. Linked resources
resource "aws_security_group" "allow_all" {
  name = "allow_all"
  ingress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
resource "aws_instance" "web" {
  ami                    = "ami-12345"
  instance_type          = "t2.micro"
  # Reference to the security group above; Terraform creates it first
  vpc_security_group_ids = ["${aws_security_group.allow_all.id}"]
  tags {
    Name = "HelloWorld"
  }
}
Callout: Referenced resource
A resource has output values like:
● Id
● DNS name
● Ip
● ...
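A check that can be run on the plan before `apply`, as an added example (not from the original slides or from Terraform itself): it reads the JSON form of a plan and reports security-group ingress rules open to the whole internet, such as `allow_all` above. It assumes Terraform 0.12+ (`terraform show -json <planfile>`); the function name, the `allowed_ports` parameter, the `web_https` and `retired` resources and the sample plan are constructed for illustration.

```python
import json

WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample (not real tool output): trimmed to the fields used below,
# in the shape of `terraform show -json <planfile>` (assumes Terraform 0.12+).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_security_group.allow_all", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"name": "allow_all", "ingress": [
     {"from_port": 0, "to_port": 65535, "protocol": "tcp",
      "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}},
  {"address": "aws_security_group.web_https", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"name": "web_https", "ingress": [
     {"from_port": 443, "to_port": 443, "protocol": "tcp",
      "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}},
  {"address": "aws_security_group.retired", "type": "aws_security_group",
   "change": {"actions": ["delete"], "after": null}},
  {"address": "aws_instance.web", "type": "aws_instance",
   "change": {"actions": ["create"], "after": {"instance_type": "t2.micro"}}}
]}
""")


def world_open_ingress(plan, allowed_ports=frozenset({443})):
    """List (address, from_port, to_port, protocol) for each planned
    aws_security_group ingress rule that admits 0.0.0.0/0 or ::/0 on any
    port outside allowed_ports."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "aws_security_group" or not after:
            continue  # other resource types, or a delete (after is null)
        for rule in after.get("ingress") or []:
            cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
            if not WORLD.intersection(cidrs):
                continue
            lo, hi = rule.get("from_port", 0), rule.get("to_port", 65535)
            # protocol "-1" means every protocol and port in the AWS provider
            exposed = rule.get("protocol") == "-1" or any(
                p not in allowed_ports for p in range(lo, hi + 1))
            if exposed:
                findings.append((rc["address"], lo, hi, rule.get("protocol")))
    return findings


if __name__ == "__main__":
    for finding in world_open_ingress(SAMPLE_PLAN):
        print("world-open ingress: %s ports %s-%s protocol %s" % finding)
```

Rules declared as separate `aws_security_group_rule` resources are not covered by this check.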
45. Variable
# topology.tf
variable "ubuntu_ami" {
  default = "ami_123456"
  type    = "string"
}
resource "aws_instance" "web" {
  ami           = "${var.ubuntu_ami}"
  instance_type = "t2.micro"
  tags {
    Name = "HelloWorld"
  }
}
A variable can be set through:
- Default value
- tfvars file
- Environment variable
- Command Line option
# terraform.tfvars
ubuntu_ami = "ami_23456"
46. HCL Language features
- Count
- Condition through ternary operation
- Functions around Map / List / String
- CIDR Range manipulation
- Math functions
- ...
47. 1. tfstate output
Diagram: Topology A, Tfstate A, Tfstate B, Topology B
Get output from Tfstate A to inject in resources